What is a public key?
A public key is a piece of information you can safely share that helps other people or systems do secure things with you online. Most often, it is used for encrypting data (so only you can read it) and verifying digital signatures (so others can confirm something really came from you).
Public keys are one of the core building blocks behind public key cryptography, asymmetric encryption, digital signatures, TLS certificates (HTTPS), and SSH keys.
The idea in a nutshell
Public key cryptography works with a pair of linked keys:
- Public key: shared with the world
- Private key: kept secret by the owner
They are mathematically connected, but not interchangeable. People use your public key to interact securely with you, while your private key is what gives you control.
A helpful analogy is a padlock and a key. You can hand out the padlock (public key) so anyone can lock a box for you (encrypt something). Only you keep the key that opens it (private key).
What is a public key used for?
Encrypting data for you
If someone wants to send you something confidential, they can encrypt it using your public key. Once it is encrypted, only the matching private key can decrypt it. That means you can receive private messages or files even from people you have never met before, as long as they have your public key.
Verifying your digital signatures
A digital signature is like a tamper-evident seal for data. You create a signature using your private key. Anyone can then verify that signature using your public key.
Verification helps answer two questions:
- Has the data been changed since it was signed?
- Did the signer control the private key that matches this public key?
This is how signed software updates, signed documents, and many identity systems build trust.
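The two questions above, worked through in code. This is an added example, not taken from any product or standard: it uses textbook hash-then-RSA with toy keys built from small known primes, and the names make_toy_key, sign and verify are illustrative. Real systems use a vetted library with a padded scheme such as RSA-PSS or with Ed25519.

```python
import hashlib

E = 65537  # public exponent, shared along with the modulus


def make_toy_key(p: int, q: int):
    """Return (public modulus n, private exponent d) for primes p and q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def digest_as_int(message: bytes, n: int) -> int:
    """Hash the message and reduce the digest below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, d: int, n: int) -> int:
    """Needs the private exponent d, so only the key owner can do this."""
    return pow(digest_as_int(message, n), d, n)


def verify(message: bytes, signature: int, n: int) -> bool:
    """Needs only the public values (n, E), so anyone can do this."""
    return pow(signature, E, n) == digest_as_int(message, n)


# Constructed toy keys from known Mersenne primes; far too small for real use.
ALICE_N, ALICE_D = make_toy_key(2**127 - 1, 2**89 - 1)
MALLORY_N, MALLORY_D = make_toy_key(2**107 - 1, 2**61 - 1)

UPDATE = b"update-1.4.2.tar.gz contents (constructed sample)"
SIGNATURE = sign(UPDATE, ALICE_D, ALICE_N)

if __name__ == "__main__":
    # Question 1: has the data been changed since it was signed?
    print("original verifies:", verify(UPDATE, SIGNATURE, ALICE_N))
    print("tampered verifies:", verify(UPDATE + b"!", SIGNATURE, ALICE_N))
    # Question 2: did the signer control the matching private key?
    forged = sign(UPDATE, MALLORY_D, MALLORY_N)
    print("other key verifies:", verify(UPDATE, forged, ALICE_N))
```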
Public key vs private key, recap
Public key
- Designed to be shared
- Used to encrypt data to you or verify your signatures
- Often stored in certificates, directories, or server configurations
Private key
- Must stay secret
- Used to decrypt data encrypted to your public key
- Used to create digital signatures
- If it leaks, an attacker may impersonate you or decrypt data intended for you
Where you will see public keys in real life
HTTPS and TLS certificates
When you visit a site over HTTPS, your browser checks a certificate. Certificates are meant to connect a public key to an identity, like a domain name, so your browser can trust it is talking to the right server.
SSH access to servers
SSH key login works by putting your public key on the server. When you connect, your computer proves it holds the matching private key. If the proof checks out, you get access without typing a password.
PKI in companies and government
In enterprise environments, public keys are managed through Public Key Infrastructure (PKI). PKI handles things like certificate issuance, renewal, and revocation so that identities and keys can be trusted at scale.
Is it safe to share a public key?
Yes. A public key is meant to be public.
The main risk is not that someone sees your public key. The main risk is that someone swaps it with a different key and convinces others it is yours. That is why certificates, fingerprints, and trusted channels matter.
Best practices when using public keys
- Protect the private key first. Public key security only works if private keys stay private.
- Use certificates when identity matters. For websites and business systems, certificates help bind a key to a name.
- Verify key fingerprints in high risk situations. If you are exchanging keys for something sensitive, confirm the fingerprint using a separate trusted channel.
- Rotate and revoke when needed. If a private key might be compromised, replace it quickly and revoke related certificates if applicable.
FAQ
Is a public key the same as a certificate?
No. A certificate is a signed digital document that usually contains a public key plus identity information.
Can someone derive my private key from my public key?
Modern public key algorithms are designed so this is not feasible in practice, assuming strong algorithms and proper key sizes.
Why do some systems use session keys if they already have public keys?
Public key operations are powerful but comparatively slow. Many protocols use public keys to set up trust and then switch to fast symmetric encryption for the actual data transfer.
Sources
“The key usage extension defines the purpose (e.g., encipherment, signature, certificate signing) of the key contained in the certificate.” (datatracker.ietf.org)
“The public part of an asymmetric key pair that is used to verify signatures or encrypt data.” (NIST Computer Security Resource Center)
“Determining the private key from the public key is computationally infeasible.” (NIST Computer Security Resource Center)
“In the case of digital signatures, the public key is used to verify a digital signature that was generated using the corresponding private key.” (NIST Publications)
“The file ~/.ssh/authorized_keys lists the public keys that are permitted for logging in.” (man7.org)
“The certificates contain the public key of the certificate subject. They don’t contain the subject’s private key.” (Microsoft Learn)
“A certificate is a data structure that contains a public key and a name.” (Smallstep)